The Reserve Bank of India (RBI) has taken a significant step by imposing a fine of Rs 65 lakh on AP Mahesh Cooperative Urban Bank for failing to comply with the Cyber Security Framework for Primary (Urban) Cooperative Banks. The penalty was imposed after a thorough cyber audit conducted by the RBI and an investigation by the Hyderabad police revealed serious lapses in the bank’s security measures. These lapses allowed hackers to breach the bank’s systems and steal an amount of Rs 12.48 crore.
The online bank robbery occurred on January 24, 2022, when a hacker infiltrated the bank’s systems using phishing emails sent to the bank’s staff. The investigation led to the arrest of six individuals, including two Nigerian nationals, involved in the theft of Rs 12.48 crore.
The police investigation and RBI’s findings highlighted the bank’s negligence in implementing adequate cybersecurity measures. The Hyderabad police commissioner, CV Anand, wrote to the RBI governor, bringing attention to the critical security lapses and requesting the suspension of the bank’s operating license.
While criminal negligence charges were not applicable under the current legal framework, the police commissioner’s efforts led to the RBI imposing a financial penalty of Rs 65 lakh on Mahesh Bank. The investigation revealed that the bank lacked essential cybersecurity infrastructure, such as anti-phishing applications, intrusion prevention and detection systems, and real-time threat defense and management systems, as required by RBI guidelines.